Because of the security you need some kind of middle layer between the client and the database. It is very dangerous to expose the database directly to the internet. A lot of applications use SOAP in this scenario, because it is widely adopted. You make a SOAP service, define the protocol and functions and the client then calls that. Other options are, that you make a REST based service / server that does the same, or even make a plain TCP /IP layer. So you options are:
- SOAP service as the middle layer
- REST HTTP based middle layer
- XML RPC based middle layer
- Pure TCP /IP middle layer
- VPN connection for clients
If you make a VPN connection from the client then you can have a direct database access, but this is probably to acward for the clients specialy if they are not from your company. I personaly would probably go with 2 or 3, but just because I do not like SOAP to much. Most if asked would prefer SOAP I guess.
EDIT:
Since I see these are remote offices, you can consider a permanent VPN connection. Most routers these days are capable of those. Then your application can work in the same way remotely as it does localy.